You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Hi.
I'm totally infected by these viruses. They're all showing in my browser history: doginhispen, tribalfusion, skitodayplease, 88.80.7.66. Anti-Spyware software not helpfull. I downloaded FindAWF.exe, but need some help how to step through the cleanup process. Would be greatly appreciated.
Thanks,
DreamofSun

Thanks Quietman7!
So far so good. This morning on bootup and again after cleansing the system with ATF, the rogue history entries are not showing. Do you by any chance know what information may have been snatched by these rogue sites/groups (tribalfusion/doginhispen/etc)? My wife made an online purchase while these trojans were in place. Wondering if there's any chance they could have snatched credit card or other personal info?

Your infection was related to Downloader.Agent.awf. IMO anytime your machine is infected its always "best practice" to change all your passwords and let credit card companies know that your machine may have been compromised.

Thanks Quietman7. Seems however that I'm not yet clean. I still have tribalfusion showing in IE history. It popped up after we finished everything. In IE7 history it reads as follws:
a.tribalfusion (a.tribalfusion.com)
Can you assist to remove that as well. It seems also to be a virus.

Double-click SUPERAntiSypware.exe and use the default settings for installation.

An icon will be created on your desktop. Double-click that icon to launch the program.

If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates...". (If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.)

Under the "Configuration and Preferences", click the Preferences... button.

Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.

Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):

Close browsers before scanning.

Scan for tracking cookies.

Terminate memory threats before quarantining.

Click the "Close" button to leave the Control Center screen.

Back on the main screen, under "Scan for Harmful Software" click Scan your computer.

On the left, make sure you check C:\Fixed Drive.

On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".

After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".

Make sure everything has a checkmark next to it and click "Next".

A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.

If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.

Click Preferences, then click the Statistics/Logs tab.

Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.

Click Close to exit the program.

Then add Tribalfusion to your hosts file to block that site. Better yet, download and use a custom HOSTS file which already has that site added for blocking along with numerous others.

MVPS HOSTS File zipped version: http://www.mvps.org/winhelp2002/hosts.zipDownload includes a batch file (mvps.bat) that will rename the existing HOSTS file to HOSTS.MVP, then copy the included updated HOSTS file to the proper location.

Hi again Quietman,
its back again, and again, and again.
a.doginhispen keep showing up. I re-ran the entire FindAWF process + ATF Cleaner + Superantispyware last night. Rebooted and then its back along with skitoftheday. I rescrubbed again, taking all 4 steps with FindAWF, etc, etc. Turned computer on again and there it is a.doginhispen in the history. In between I was deleting all history, cookies, temp files, etc. I just now ran AWF step 1 and it's clean (attached below). Why then does this keep showing in history. Do you know where it resides? Any other more comprehensive way to find/kill it? Please help again. Thanks.